
Waqar Hameed

Researcher from Axis Communications
#32910 of 53,633
7.8 Total CVSS
Vulnerabilities · 1
PT-2024-35617
7.8
2024-11-14
Linux · Linux Kernel · CVE-2024-53171
**Name of the Vulnerable Software and Affected Versions**

Linux kernel (affected versions not specified)

**Description**

A use-after-free issue has been identified in the Linux kernel, specifically in the `ubifs_tnc_end_commit` function. This issue can be triggered by inserting a new node into the TNC tree, causing the tree to split and a node's `znode->parent` to change. If other nodes in the tree are deleted, the `znode->cparent` of the affected node may still point to a freed node, leading to a use-after-free error when accessing `znode->cparent` in `write_index()`. This can be exploited by running a specific sequence of commands, including `rm -f /etc/test-file.bin` and `dd if=/dev/urandom of=/etc/test-file.bin bs=1M count=60 conv=fsync`, in a loop, with `CONFIG_UBIFS_FS_AUTHENTICATION` enabled. The issue can be fixed by explicitly setting `znode->cparent` to `NULL` in `get_znodes_to_commit()` for the root node.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.